UCF STIG Viewer Logo

All global initialization files must not have extended ACLs.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22356 GEN001730 SV-38345r1_rule ECLP-1 Medium
Description
Global initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon logon.
STIG Date
HP-UX 11.23 Security Technical Implementation Guide 2015-12-02

Details

Check Text ( C-36384r1_chk )
Check global initialization files for extended ACLs.
# ls -lL /etc/profile /etc/bashrc /etc/csh.login /etc/csh.cshrc /etc/environment /etc/.login /etc/security/environ

If the permissions include a "+", the file has an extended ACL, this is a finding.
Fix Text (F-31723r1_fix)
Remove the optional ACL from the file.
# chacl -z [global initialization file with extended ACL]